From 35be49c9d0b4ab2b6142975cc40e6b09f9be942b Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 26 Jan 2022 20:10:21 +0000 Subject: automatic update --- data/CVE/2013.list | 2 + data/CVE/2018.list | 2 + data/CVE/2021.list | 89 ++++++++++++++++++------------------ data/CVE/2022.list | 129 +++++++++++++++++++++++++++++++++++++++++++---------- 4 files changed, 155 insertions(+), 67 deletions(-) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 11c2c94619..76f7731096 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -1,3 +1,5 @@ +CVE-2013-20003 + RESERVED CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...) NOT-FOR-US: Elemin CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 888cddd21e..327190e2b6 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,3 +1,5 @@ +CVE-2018-25029 + RESERVED CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) NOT-FOR-US: Rust crate libpulse-binding CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 9bc4ae883a..1aa843e379 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,5 @@ +CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...) + TODO: check CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...) NOT-FOR-US: Moxa CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...) 
@@ -368,14 +370,14 @@ CVE-2021-46388 RESERVED CVE-2021-46387 RESERVED -CVE-2021-46386 - RESERVED -CVE-2021-46385 - RESERVED +CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...) + TODO: check +CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...) + TODO: check CVE-2021-46384 RESERVED -CVE-2021-46383 - RESERVED +CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...) + TODO: check CVE-2021-46382 RESERVED CVE-2021-46381 @@ -941,13 +943,13 @@ CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, NOTE: https://github.com/libexpat/libexpat/pull/538 NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...) - {DLA-2883-1} + {DSA-5063-1 DLA-2883-1} - uriparser 0.9.6+dfsg-1 NOTE: https://github.com/uriparser/uriparser/issues/122 NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6) NOTE: https://github.com/uriparser/uriparser/pull/124 CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...) - {DLA-2883-1} + {DSA-5063-1 DLA-2883-2 DLA-2883-1} - uriparser 0.9.6+dfsg-1 NOTE: https://github.com/uriparser/uriparser/issues/121 NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6) 
@@ -1023,16 +1025,16 @@ CVE-2021-46120 RESERVED CVE-2021-46119 RESERVED -CVE-2021-46118 - RESERVED -CVE-2021-46117 - RESERVED -CVE-2021-46116 - RESERVED -CVE-2021-46115 - RESERVED -CVE-2021-46114 - RESERVED +CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...) + TODO: check +CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...) + TODO: check +CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...) + TODO: check +CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...) + TODO: check +CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...) + TODO: check CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...) NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source CVE-2021-46112 @@ -1371,8 +1373,8 @@ CVE-2021-45977 RESERVED CVE-2021-45976 RESERVED -CVE-2021-45975 - RESERVED +CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...) + TODO: check CVE-2021-45974 RESERVED CVE-2021-45973 @@ -4840,8 +4842,8 @@ CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()] NOTE: https://github.com/latchset/tang/pull/81 NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8) NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11) -CVE-2021-44692 - RESERVED +CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...) + TODO: check CVE-2021-44691 RESERVED CVE-2021-44690 
@@ -6360,18 +6362,18 @@ CVE-2021-44125 RESERVED CVE-2021-44124 RESERVED -CVE-2021-44123 - RESERVED -CVE-2021-44122 - RESERVED +CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...) + TODO: check +CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...) + TODO: check CVE-2021-44121 RESERVED -CVE-2021-44120 - RESERVED +CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2021-44119 RESERVED -CVE-2021-44118 - RESERVED +CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...) + TODO: check CVE-2021-44117 RESERVED CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12 ...) @@ -8455,8 +8457,8 @@ CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF f NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-43335 RESERVED -CVE-2021-43334 - RESERVED +CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...) + TODO: check CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...) NOT-FOR-US: Datalogic CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...) @@ -12176,8 +12178,7 @@ CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a priva NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6 CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...) NOT-FOR-US: openwhyd -CVE-2021-41766 - RESERVED +CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...) - apache-karaf (bug #881297) CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...) - dbeaver (bug #680987) 
@@ -41382,10 +41383,10 @@ CVE-2021-29848 RESERVED CVE-2021-29847 (BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) conf ...) NOT-FOR-US: IBM -CVE-2021-29846 - RESERVED -CVE-2021-29845 - RESERVED +CVE-2021-29846 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...) + TODO: check +CVE-2021-29845 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...) + TODO: check CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...) NOT-FOR-US: IBM CVE-2021-29843 (IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial o ...) @@ -41398,8 +41399,8 @@ CVE-2021-29840 RESERVED CVE-2021-29839 RESERVED -CVE-2021-29838 - RESERVED +CVE-2021-29838 (IBM Security Guardium Insights 3.0 could allow a remote attacker to ob ...) + TODO: check CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...) NOT-FOR-US: IBM CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...) @@ -58520,8 +58521,8 @@ CVE-2021-22602 RESERVED CVE-2021-22601 RESERVED -CVE-2021-22600 - RESERVED +CVE-2021-22600 (A double free bug in packet_set_ring() in net/packet/af_packet.c can b ...) + TODO: check CVE-2021-22599 RESERVED CVE-2021-22598 @@ -58580,8 +58581,8 @@ CVE-2021-22572 RESERVED CVE-2021-22571 RESERVED -CVE-2021-22570 - RESERVED +CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...) + TODO: check CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...) [experimental] - protobuf 3.19.3-1 - protobuf diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 6652d50731..62a0e3e572 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1,3 +1,87 @@ +CVE-2022-24004 + RESERVED +CVE-2022-24003 + RESERVED +CVE-2022-24002 + RESERVED +CVE-2022-24001 + RESERVED +CVE-2022-24000 + RESERVED +CVE-2022-23999 + RESERVED +CVE-2022-23998 + RESERVED +CVE-2022-23997 + RESERVED +CVE-2022-23996 + RESERVED +CVE-2022-23995 + RESERVED +CVE-2022-23994 + RESERVED +CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...) + TODO: check +CVE-2022-23992 + RESERVED +CVE-2022-23991 + RESERVED +CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...) + TODO: check +CVE-2022-23989 + RESERVED +CVE-2022-23988 + RESERVED +CVE-2022-23987 + RESERVED +CVE-2022-23984 + RESERVED +CVE-2022-23983 + RESERVED +CVE-2022-23982 + RESERVED +CVE-2022-23981 + RESERVED +CVE-2022-23980 + RESERVED +CVE-2022-23979 + RESERVED +CVE-2022-23978 + RESERVED +CVE-2022-23977 + RESERVED +CVE-2022-23976 + RESERVED +CVE-2022-23975 + RESERVED +CVE-2022-23974 + RESERVED +CVE-2022-23103 + RESERVED +CVE-2022-0383 + RESERVED +CVE-2022-0382 + RESERVED +CVE-2022-0381 + RESERVED +CVE-2022-0380 + RESERVED +CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) + TODO: check +CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) + TODO: check +CVE-2022-0377 + RESERVED +CVE-2022-0376 + RESERVED +CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + TODO: check +CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + TODO: check +CVE-2022-0373 + RESERVED +CVE-2022-0372 + RESERVED CVE-2022-23973 RESERVED CVE-2022-23972 @@ -74,8 +158,8 @@ CVE-2022-23942 RESERVED CVE-2022-21184 RESERVED -CVE-2022-0368 - RESERVED +CVE-2022-0368 (Out-of-bounds Read in Conda vim prior to 8.2. ...) + TODO: check CVE-2022-0367 RESERVED CVE-2022-0366 
@@ -86,14 +170,14 @@ CVE-2022-0364 RESERVED CVE-2022-0363 RESERVED -CVE-2022-0362 - RESERVED -CVE-2022-0361 - RESERVED +CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...) + TODO: check +CVE-2022-0361 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...) + TODO: check CVE-2022-0360 RESERVED -CVE-2022-0359 - RESERVED +CVE-2022-0359 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...) + TODO: check CVE-2022-0358 RESERVED - qemu @@ -155,7 +239,7 @@ CVE-2022-21201 RESERVED CVE-2022-21178 RESERVED -CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM hiep ...) +CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...) TODO: check CVE-2022-0354 RESERVED @@ -1712,8 +1796,8 @@ CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input NOT-FOR-US: livehelperchat CVE-2022-0252 RESERVED -CVE-2022-0251 - RESERVED +CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + TODO: check CVE-2022-0250 RESERVED CVE-2022-0249 @@ -2119,8 +2203,8 @@ CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt pro NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0 (5.63) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039807 -CVE-2022-0203 - RESERVED +CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crater pri ...) + TODO: check CVE-2022-0202 RESERVED CVE-2022-0201 @@ -2702,8 +2786,7 @@ CVE-2022-22934 RESERVED CVE-2022-22933 RESERVED -CVE-2022-22932 - RESERVED +CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...) - apache-karaf (bug #881297) CVE-2022-22931 RESERVED 
@@ -2891,12 +2974,12 @@ CVE-2022-22854 RESERVED CVE-2022-22853 RESERVED -CVE-2022-22852 - RESERVED -CVE-2022-22851 - RESERVED -CVE-2022-22850 - RESERVED +CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) + TODO: check +CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) + TODO: check +CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) + TODO: check CVE-2022-22849 RESERVED CVE-2022-22149 @@ -5280,8 +5363,8 @@ CVE-2022-21946 RESERVED CVE-2022-21945 RESERVED -CVE-2022-21944 - RESERVED +CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...) + TODO: check CVE-2022-21943 RESERVED CVE-2022-21942 -- cgit v1.2.3
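Review bot: the advisory sets for the two uriparser entries in the 2021.list hunk at `@@ -941,13 +943,13 @@` are no longer symmetric: CVE-2021-46142 gets `{DSA-5063-1 DLA-2883-1}` while CVE-2021-46141 gets `{DSA-5063-1 DLA-2883-2 DLA-2883-1}`. Confirm that DLA-2883-2 really applies only to CVE-2021-46141 (a follow-up DLA for one of the two issues is plausible); if it was meant to cover both, the same set should be written on both entries, since both are otherwise recorded as fixed in `uriparser 0.9.6+dfsg-1`.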
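Review bot: the four SPIP 4.0.0 entries in the 2021.list hunk at `@@ -6360,18 +6362,18 @@` (CVE-2021-44123 remote command execution, CVE-2021-44122 CSRF, CVE-2021-44120 and CVE-2021-44118 XSS) are left as `TODO: check`, but spip is a packaged Debian source; these should be triaged against it with the affected and fixed versions rather than parked, and the command-execution one in particular deserves a fixed-version line before the others.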
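Review bot: CVE-2021-22600 in the 2021.list hunk at `@@ -58520,8 +58521,8 @@` (double free in `packet_set_ring()` in `net/packet/af_packet.c`) is a Linux kernel issue and should not sit at `TODO: check`; it belongs against the kernel source package with the fixing upstream commit noted, so that the supported kernel branches get a fixed-version line and the entry can be picked up for the next point update.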
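Review bot: CVE-2021-22570 in the 2021.list hunk at `@@ -58580,8 +58581,8 @@` (`Nullptr dereference when a null char is present in a proto symbol`) is added as `TODO: check` directly above CVE-2021-22569, which the file already tracks against `protobuf 3.19.3-1`; the new entry almost certainly belongs to the same `protobuf` source package, so add a `- protobuf` line (with the fixed version once identified) instead of leaving two adjacent protobuf entries in different states.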
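Review bot: in the large 2022.list hunk at `@@ -1,3 +1,87 @@`, CVE-2022-23990 (`Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...`) is left as `TODO: check` even though the same file already tracks the sibling CVE-2021-46143 in Expat's doProlog with upstream PR and commit notes; triage it against the expat source package the same way. In the same hunk, CVE-2022-0375 and CVE-2022-0374 (`remdex/livehelperchat`) should follow the existing CVE-2022-0253 entry, which is marked `NOT-FOR-US: livehelperchat`, and CVE-2022-23993 (pfSense `pkg.php`) refers to a product that is not a Debian package and is likewise a `NOT-FOR-US` candidate.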
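Review bot: CVE-2022-0368 in the 2022.list hunk at `@@ -74,8 +158,8 @@` (`Out-of-bounds Read in Conda vim prior to 8.2.`), and likewise CVE-2022-0361 and CVE-2022-0359 (`Heap-based Buffer Overflow in Conda vim prior to 8.2.`) in the following hunk at `@@ -86,14 +170,14 @@`, are vim issues despite the `Conda` wording of the description and should be triaged against the vim source package; the `prior to 8.2` version bound in the description is too coarse to act on, so the upstream patch level should be recorded in a NOTE when the entries are filled in.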
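Review bot: CVE-2022-21944 in the 2022.list hunk at `@@ -5280,8 +5363,8 @@` (`A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...`) needs its truncated description resolved before it is assigned: the wording leaves open whether this is an upstream systemd defect or a vendor packaging issue, so check the full advisory and either attach it to the systemd source package with affected versions or mark it `NOT-FOR-US` with the vendor named, rather than leaving `TODO: check` on a core package.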